Can't make this page work

Discussion in 'Javascript' started by scottyman@comcast.net, Mar 8, 2006.

Guest

I can't make this script work properly. I've gone as far as I can with
it and the rest is out of my ability. I can do some html editing but
I'm lost in the Java world. The script at the bottom of the html page
controls the form fields that are required. It doesn't function like
it's supposed to and I can leave all the fields blank and it still
submits the form. Also I can't get it to transfer the file in the
upload section. The file name is emailed to me but not the file itself.
Any help would be greatly appreciated. We're hosting on Netsols web
server and I can't change that unfortunately so changing servers is out
of the question as someone else suggested. Does someone have a perl
script they can recommend that would solve the problem. I have the
"Form2Mail" script that I downloaded and that's not anywhere near as
complicated from what I saw but they say a script called "sendmail" has
to be on the server in order for it to work.

#!/usr/bin/perl -w
##############################################################################
# nms Formmail Version 3.14c1
#
# Copyright 2001 London Perl Mongers All rights reserved
#
# Created 11/11/01 Last Modified 08/11/04
#
# Matt's Script Archive: http://www.scriptarchive.com/
#
##############################################################################
# nms Formmail has been created as a drop in replacement for the
FormMail #
# found at Matt's Script Archive. Both the original and nms versions of
this #
# script can be found at the above URL. Support for nms Formmail is
#
# available through:
#
##############################################################################
#
# NMS FormMail Version 3.14c1
#

# PROGRAM INFORMATION
# -------------------
# FormMail.pl Version 3.14c1
#
# This program is licensed in the same way as Perl
# itself. You are free to choose between the GNU Public
# License <http://www.gnu.org/licenses/gpl.html> or
# the Artistic License
# <http://www.perl.com/pub/a/language/misc/Artistic.html>
#
# For help on configuration or installation see the
# README file or the POD documentation at the end of
# this file.

#
# The code below consists of module source inlined into this
# script to make it a standalone CGI.
#
# Inlining performed by NMS inline - see /v2/buildtools/inline
# in CVS at http://sourceforge.net/projects/nms-cgi for details.
#
BEGIN {

Each object of class C<CGI::NMS::Charset> is bound to a particular
character set when it is created. The object provides methods to
generate coderefs to perform a couple of character set dependent
operations on text strings.

=cut

=head1 CONSTRUCTORS

=over

=item new ( CHARSET )

Creates a new C<CGI::NMS::Charset> object, suitable for handing text
in the character set CHARSET. The CHARSET parameter must be a
character set string, such as C<us-ascii> or C<utf-8> for example.

Returns a copy of STRING with runs of non-printable characters
replaced with spaces and HTML metacharacters replaced with the
equivalent entities.

If STRING is undef then the empty string will be returned.

=cut

sub escape
{
my ($self, $string) = @_;

return &{ $self->{EH} }( &{ $self->{SN} }($string) );
}

=item strip_nonprint_coderef ()

Returns a reference to a sub to replace runs of non-printable
characters with spaces, in a manner suited to the charset in
use.

The returned coderef points to a sub that takes a single readonly
string argument and returns a modified version of the string. If
undef is passed to the function then the empty string will be
returned.

=cut

sub strip_nonprint_coderef
{
my ($self) = @_;

return $self->{SN};
}

=item escape_html_coderef ()

Returns a reference to a sub to escape HTML metacharacters in
a manner suited to the charset in use.

The returned coderef points to a sub that takes a single readonly
string argument and returns a modified version of the string.

These functions are returned by the strip_nonprint_coderef() and
escape_html_coderef() methods and invoked by the escape() method.
The function most appropriate to the character set in use will be
chosen.

=over

=item _strip_nonprint_utf8

Returns a copy of STRING with everything but printable C<us-ascii>
characters and valid C<utf-8> multibyte sequences replaced with
space characters.

This implementation of the mailer object defined in L<CGI::NMS::Mailer>
chooses between L<CGI::NMS::Mailer::SMTP> and
L<CGI::NMS::Mailer::Sendmail>
based on the string passed to new().

=head1 CONSTRUCTORS

=over

=item new ( ARGUMENT )

ARGUMENT must either be the string C<SMTP:> followed by the name or
dotted decimal IP address of an SMTP server that will relay mail
for the web server, or the path to a sendmail compatible binary,
including switches.

Values for the following configuration settings can be passed to new().

Subclasses for different NMS scripts will define their own set of
configuration settings, but they all inherit these as well.

=over

=item C<DEBUGGING>

If this is set to a true value, then the error message will be
displayed
in the browser if the script suffers a fatal error. This should be set
to 0 once the script is in service, since error messages may contain
sensitive information such as file paths which could be useful to
attackers.

Default: 0

=item C<name_and_version>

The name and version of the NMS script, as a single string.

=item C<emulate_matts_code>

When this variable is set to a true value (e.g. 1) the script will work
in exactly the same way as its counterpart at Matt's Script Archive. If
it is set to a false value (e.g. 0) then more advanced features and
security checks are switched on. We do not recommend changing this
variable to 1, as the resulting drop in security may leave your script
open to abuse.

Default: 0

=item C<secure>

When this variable is set to a true value (e.g. 1) many additional
security features are turned on. We do not recommend changing this
variable to 0, as the resulting drop in security may leave your script
open to abuse.

Default: 1

=item C<locale>

This determines the language that is used in the format_date() method -
by default this is blank and the language will probably be English.

Default: ''

=item C<charset>

The character set to use for output documents.

Default: 'iso-8859-1'

=item C<style>

This is the URL of a CSS stylesheet which will be used for script
generated messages. This should probably be the same as the one that
you use for all the other pages. This should be a local absolute URI
fragment. Set C<style> to 0 or the empty string if you don't want to
use style sheets.

Default: '';

=item C<cgi_post_max>

The variable C<$CGI:OST_MAX> is gets set to this value before the
request is handled.

Default: 1000000

=item C<cgi_disable_uploads>

The variable C<CGI:ISABLE_UPLOADS> gets set to this value before
the request is handled.

Default: 1

=item C<no_xml_doc_header>

If this is set to a true value then the output_cgi_html_header() method
will omit the XML document header that it would normally output. This
means that the output document will not be strictly valid XHTML, but it
may work better in some older browsers.

Default: not set

=item C<no_doctype_doc_header>

If this is set to a true value then the output_cgi_html_header() method
will omit the DOCTYPE document header that it would normally output.
This means that the output document will not be strictly valid XHTML,
but
it may work better in some older browsers.

Default: not set

=item C<no_xmlns_doc_header>

If this is set to a true value then the output_cgi_html_header() method
will omit the C<xmlns> attribute from the opening C<html> tag that it
outputs.

=back

=head1 METHODS

=over

=item request ()

This is the method that the CGI script invokes once for each run of the
CGI. This implementation sets up some things that are common to all
NMS
scripts and then invokes the virtual method handle_request() to do the
script specific processing.

Subclasses for individual NMS scripts must provide the following
methods:

=over

=item default_configuration ()

Invoked from new(), this method must return the default script
configuration as a key,value,key,value list. Configuration options
passed to new() will override those set by this method.

=item init ()

Invoked from new(), this method can be used to do any script specific
object initialisation. There is a default implementation, which does
nothing.

=cut

sub init {}

=item handle_request ()

Invoked from request(), this method is responsible for performing the
bulk of the CGI processing. Any fatal errors raised here will be
trapped and treated according to the C<DEBUGGING> configuration
setting.

=back

=head1 SEE ALSO

L<CGI::NMS::Charset>, L<CGI::NMS::Script::FormMail>

=head1 MAINTAINERS

The NMS project, E<lt>http://nms-cgi.sourceforge.net/E<gt>

To request support or report bugs, please email
E<lt><gt>

=head1 COPYRIGHT

Copyright 2003 London Perl Mongers, All rights reserved

=head1 LICENSE

This module is free software; you are free to redistribute it
and/or modify it under the same terms as Perl itself.

This module provides methods to validate some of the types of
data the occur in CGI scripts, such as URLs and email addresses.

=head1 METHODS

These C<validate_*> methods all return undef if the item passed
in is invalid, otherwise they return the valid item.

Some of these methods attempt to transform invalid input into valid
input (for example, validate_abs_url() will prepend http:// if missing)
so the returned valid item may not be the same as that passed in.

As well as the generic NMS script configuration settings described in
L<CGI::NMS::Script>, the FormMail constructor recognizes the following
configuration settings:

=over

=item C<allow_empty_ref>

Some web proxies and office firewalls may strip certain headers from
the
HTTP request that is sent by a browser. Among these is the
HTTP_REFERER
that FormMail uses as an additional check of the requests validity -
this
will cause the program to fail with a 'bad referer' message even though
the
configuration seems fine.

In these cases, setting this configuration setting to 1 will stop the
program from complaining about requests where no referer header was
sent
while leaving the rest of the security features intact.

Default: 1

=item C<max_recipients>

The maximum number of e-mail addresses that any single form should be
allowed to send copies of the e-mail to. If none of your forms send
e-mail to more than one recipient, then we recommend that you improve
the security of FormMail by reducing this value to 1. Setting this
configuration setting to 0 removes all limits on the number of
recipients
of each e-mail.

Default: 5

=item C<mailprog>

The system command that the script should invoke to send an outgoing
email.
This should be the full path to a program that will read a message from
STDIN and determine the list of message recipients from the message
headers.
Any switches that the program requires should be provided here.

For example:

'mailprog' => '/usr/lib/sendmail -oi -t',

An SMTP relay can be specified instead of a sendmail compatible mail
program,
using the prefix C<SMTP:>, for example:

'mailprog' => 'SMTP:mailhost.your.domain',

Default: C<'/usr/lib/sendmail -oi -t'>

=item C<postmaster>

The envelope sender address to use for all emails sent by the script.

Default: ''

=item C<referers>

This configuration setting must be an array reference, holding a list
of names and/or IP address of systems that will host forms that refer
to this FormMail. An empty array here turns off all referer checking.

Default: []

=item C<allow_mail_to>

This configuration setting must be an array reference.

A list of the email addresses that FormMail can send email to. The
elements of this list can be either simple email addresses (like
'') or domain names (like 'your.domain'). If it's a
domain name then any address at that domain will be allowed.

Default: []

=item C<recipients>

This configuration setting must be an array reference.

A list of Perl regular expression patterns that determine who the
script will allow mail to be sent to in addition to those set in
C<allow_mail_to>. This is present only for compatibility with the
original FormMail script. We strongly advise against having anything
in C<recipients> as it's easy to make a mistake with the regular
expression syntax and turn your FormMail into an open SPAM relay.

Default: []

=item C<recipient_alias>

This configuration setting must be a hash reference.

A hash for predefining a list of recipients in the script, and then
choosing between them using the recipient form field, while keeping
all the email addresses out of the HTML so that they don't get
collected by address harvesters and sent junk email.

For example, suppose you have three forms on your site, and you want
each to submit to a different email address and you want to keep the
addresses hidden. You might set up C<recipient_alias> like this:

%recipient_alias = (
'1' => '',
'2' => '',
'3' => '',
);

In the HTML form that should submit to the recipient
C<>,
you would then set the recipient with:

<input type="hidden" name="recipient" value="2" />

Default: {}

=item C<valid_ENV>

This configuration setting must be an array reference.

A list of all the environment variables that you want to be able to
include in the email.

The format that the date will be displayed in, as a string suitable for
passing to strftime().

Default: '%A, %B %d, %Y at %H:%M:%S'

=item C<date_offset>

The empty string to use local time for the date, or an offset from GMT
in hours to fix the timezone independent of the server's locale
settings.

Default: ''

=item C<no_content>

If this is set to 1 then rather than returning the HTML confirmation
page
or doing a redirect the script will output a header that indicates that
no
content will be returned and that the submitted form should not be
replaced. This should be used carefully as an unwitting visitor may
click
the submit button several times thinking that nothing has happened.

Default: 0

=item C<double_spacing>

If this is set to 1 then a blank line is printed after each form value
in
the e-mail. Change this value to 0 if you want the e-mail to be more
compact.

Default: 1

=item C<join_string>

If an input occurs multiple times, the values are joined to make a
single string value. The value of this configuration setting is
inserted between each value when they are joined.

Default: ' '

=item C<wrap_text>

If this is set to 1 then the content of any long text fields will be
wrapped at around 72 columns in the e-mail which is sent. The way that
this is done is controlled by the C<wrap_style> configuration setting.

Default: 0

=item C<wrap_style>

If C<wrap_text> is set to 1 then if this is set to 1 then the text will
be wrapped in such a way that the left margin of the text is lined up
with the beginning of the text after the description of the field -
that is to say it is indented by the length of the field name plus 2.

If it is set to 2 then the subsequent lines of the text will not be
indented at all and will be flush with the start of the lines. The
choice of style is really a matter of taste although you might find
that style 1 does not work particularly well if your e-mail client
uses a proportional font where the spaces of the indent might be
smaller than the characters in the field name.

Default: 1

=item C<address_style>

If C<address_style> is set to 0 then the full address for the user who
filled
in the form will be used as "$email ($realname)" - this is also what
the
format will be if C<emulate_matts_code> is true.

If it is set to 1 then the address format will be "$realname <$email>".

Default: 0

=item C<force_config_*>

Configuration settings of this form can be used to fix configuration
settings that would normally be set in hidden form fields. For
example, to force the email subject to be "Foo" irrespective of what's
in the C<subject> form field, you would set:

'force_config_subject' => 'Foo',

Default: none set

=item C<include_config_*>

Configuration settings of this form can be used to treat particular
configuration inputs as normal data inputs as well as honoring their
special meaning. For example, a user might use C<include_config_email>
to include the email address as a regular input as well as using it in
the email header.

Default: none set

=back

=head1 COMPILE TIME METHODS

These methods are invoked at CGI script compile time only, so long as
the new() call is placed inside a BEGIN block as shown above.

=over

=item default_configuration ()

Returns the default values for the configuration passed to the new()
method, as a key,value,key,value list.

Invoked from init(), this method sets up a hash with a key for each
allowed recipient email address as C<Allow_Mail> and a hash with a
key for each domain at which any address is allowed as C<Allow_Domain>.

if ( $referer =~ m|^https?://([\w\.\-]+)|i) {
my $host = $1;
$self->error_page( 'Bad Referrer - Access Denied', <<END );
<p>
The form attempting to use this script resides at
<tt>$escaped_referer</tt>,
which is not allowed to access this program.
</p>
<p>
If you are attempting to configure FormMail to run with this form,
you need to add the following to \@referers, explained in detail in
the
README file.
</p>
<p>
Add <tt>'$host'</tt> to your <tt><b>\@referers</b></tt> array.
</p>
END
}
elsif (length $referer) {
$self->error_page( 'Malformed Referrer - Access Denied', <<END );
<p>
The referrer value <tt>$escaped_referer</tt> cannot be parsed, so
it is not possible to check that the referring page is allowed to
access this program.
</p>
END
}
else {
$self->error_page( 'Missing Referrer - Access Denied', <<END );
<p>
Your browser did not send a <tt>Referer</tt> header with this
request, so it is not possible to check that the referring page
is allowed to access this program.
</p>
END
}
}

=item check_method_is_post ()

Unless the C<secure> configuration setting is false, this method checks
that the request method is POST. Returns true if OK, otherwise outputs
an error page and returns false.

=cut

sub check_method_is_post {
my ($self) = @_;

return 1 unless $self->{CFG}{secure};

my $method = $self->cgi_object->request_method || '';
if ($method ne 'POST') {
$self->error_page( 'Error: GET request', <<END );
<p>
The HTML form fails to specify the POST method, so it would not
be correct for this script to take any action in response to
your request.
</p>
<p>
If you are attempting to configure this form to run with FormMail,
you need to set the request method to POST in the opening form tag,
like this:
<tt>&lt;form action=&quot;/cgi-bin/FormMail.order_form.pl&quot;
method=&quot;post&quot;&gt;</tt>
</p>
END
return 0;
}
else {
return 1;
}
}

=item parse_form ()

Parses the HTML form, storing the results in various fields in the
C<FormMail> object, as follows:

=over

=item C<FormConfig>

A hash holding the values of the configuration inputs, such as
C<recipient> and C<subject>.

=item C<Form>

A hash holding the values of inputs other than configuration inputs.

=item C<Field_Order>

An array giving the set and order of fields to be included in the
email and on the success page.

Returns a list of the names of the form fields which are used
to configure formmail rather than to provide user input, such
as C<subject> and C<recipient>. The specially treated C<email>
and C<realname> fields are included in this list.

Converts the form configuration values C<required>, C<env_report> and
C<print_config> from strings of comma separated values to arrays, and
removes anything not in the C<valid_ENV> configuration setting from
C<env_report>.

Invoked from get_recipients if no C<recipient> input is found, this
method
returns the default recipient list. The default recipient is the first
email
address listed in the C<allow_mail_to> configuration setting, if any.

my $errhtml = <<END;
<p>
There was no recipient or an invalid recipient specified in the
data sent to FormMail. Please make sure you have filled in the
<tt>recipient</tt> form field with an e-mail address that has
been configured in <tt>\@recipients</tt> or <tt>\@allow_mail_to</tt>.
More information on filling in <tt>recipient/allow_mail_to</tt>
form fields and variables can be found in the README file.
</p>
END

$self->error_page( 'Error: Too many Recipients', <<END );
<p>
The number of recipients configured in the form exceeds the
maximum number of recipients configured in the script. If
you are attempting to configure FormMail to run with this form
then you will need to increase the <tt>\$max_recipients</tt>
configuration setting in the script.
</p>
END
}

=item get_missing_fields ()

Returns a list of the names of the required fields that have not been
filled in acceptably, each one possibly annotated with details of the
problem with the way the field was filled in.

Creates the address that will be used for the user that filled in the
form,
if the address_style configuration is 0 or emulate_matts_code is true
then
the format will be "$email ($realname)" if it is set to a true value
then
the format will be "$realname <$email>".

Generates the email body text for a single form input, and returns
it as a two element list of prefix and remainder of line. The return
value is split into a prefix and remainder of line because the text
wrapping code may need to indent the wrapped line to the length of the
prefix.

=cut

sub build_main_email_field {
my ($self, $name, $value) = @_;

return ("$name: ", $value);
}

=item wrap_field_for_email ( PREFIX, LINE )

Takes the prefix and rest of line of a field as arguments, and returns
them
as a text wrapped paragraph suitable for inclusion in the main email.

# Some early versions of Text::Wrap will die on very long words, if
that
# happens we fall back to no wrapping.
my $wrapped;
eval { local $SIG{__DIE__} ; $wrapped =
wrap($prefix,$subs_indent,$value) };
return ($@ ? "$prefix$value" : $wrapped);
}

=item email_wrap_columns ()

Returns the number of columns to which the email should be wrapped if
the
text wrapping option is in use.

=cut

sub email_wrap_columns { 72; }

=item send_main_email_footer ()

Sends the footer of the main email body, including any environment
variables
listed in the C<env_report> configuration form field.

Advertisements

wrote:
> I can't make this script work properly.
> var inputFields = new Array("Lovenote");
>From your code, this 'array' is intended presumably to contain the
names of the fields to be tested, however the single name it contains
isn't used in the form.
Before asking for help - check the error console, that's why it's
there.

Advertisements

Guest

Stephen,
I'm completely new to this and that's why I'm seeking help, so please
pardon my ignorance. I am trying to learn though and I appreciate any
help. This is going to sound like a stupid question to you, but what
exactly is the "error console" and how do I access and use it?
Scott

wrote:
> Stephen,
> I'm completely new to this and that's why I'm seeking help,
> so please pardon my ignorance. I am trying to learn though
> and I appreciate any help. This is going to sound like a
> stupid question to you, but what exactly is the "error
> console" and how do I access and use it?

The 'error console' is one of a number of browser-specific methods of
reporting javascript errors:-

(Also, read the entire FAQ as it will enable you to anticipate and avoid
many potential problems when posting to this group)

If your problems are client-side javascript related you are unlikely to
be able to identify them while looking at server-side code. You (and
indeed we) would be better off looking at the combination of client-side
HTML and javascript that is sent to the browser, as that is where the
error (or faulty/ineffective code) will actually be found. You can
usually access the client-side code that is actually sent to the browser
by using a browser's view-source facility (or looking in the cache).
Viewing the source sent to the browser is a common and normal part of
debugging client-side aspects of server scripts.

You could have searched this group for "FAQ", and would have found not only
numerous pointers with the correct URL for the FAQ, but also the text
version of the FAQ as it is posted here regularly. FWIW, here you are:

<URL:http://jibbering.com/faq/#FAQ4_43>

(Richard just forgot one "b", however the `www.' is unnecessary here.)

Please quote what you are replying to next time. This is described in the
FAQ Notes as well. See
<URL:http://www.safalra.com/special/googlegroupsreply/> for Google Groups
specific advice.

Share This Page

Welcome to The Coding Forums!

Welcome to the Coding Forums, the place to chat about anything related to programming and coding languages.

Please join our friendly community by clicking the button below - it only takes a few seconds and is totally free. You'll be able to ask questions about coding or chat with the community and help others.
Sign up now!